While VPN users across the globe might assume their internet activity is safe from prying eyes, the privacy of millions could be jeopardised by little-known information sharing treaties, designed to sidestep surveillance law.

According to data collated and analysed by TechRadar Pro, almost half (46.6%) of all VPN services are headquartered in countries known to participate in the Fourteen Eyes intelligence sharing pact.

Members of this agreement – including the UK, USA, Canada and more – could reportedly use its terms to circumvent laws that prohibit the surveillance of citizens, which poses a significant threat to privacy-focused VPN users.

Fourteen Eyes intelligence pact

The genesis of the Fourteen Eyes pact can be found in the Five Eyes alliance (FVEY) – an agreement between the US and UK established in the 1940s, and expanded to include Australia, New Zealand and Canada.

The intelligence sharing agreement was originally military in nature, designed to give participating nations an advantage in the Cold War, but now also encompasses information relating to internet activity.

According to documents leaked by Edward Snowden, the group later swelled to include Denmark, Norway, France, Italy, Belgium, Germany, Spain, Sweden and the Netherlands, creating the Fourteen Eyes pact (also referred to as SIGINT Seniors Europe).

While not quite as intimate as the FVEY nations, members of the less official Fourteen Eyes syndicate participate in similar intelligence collaboration activities, outside the legal jurisdiction of any single state.

(Image credit: Shutterstock / Valery Brozhinsky)

VPN privacy

The existence of the Fourteen Eyes agreement could have significant ramifications for VPN users, whose primary objectives relate to information privacy and cybersecurity.

If our calculation is expanded to countries suspected of collaborating with Fourteen Eyes (such as Israel and Singapore), the proportion of VPN services based in affected localities rises to 48.4%.

Our data also shows that Windows and MacOS users are equally at risk, with 86.8% of VPN services based in member nations compatible with Windows and 86.0% with Mac.

iOS users are least likely to use an affected VPN, with only 65.9% of Fourteen Eyes-based VPNs operating on Apple’s mobile OS, compared to 70.5% on Android.

The potential privacy issues are amplified by the widespread use of free VPNs, which are more likely to keep activity logs than their paid counterparts, despite claims surrounding zero-log or logless policies.

Information collected could include websites visited, connection timestamps, bandwidth usage, server location and even original IP address – all of which could be shared among members of the intelligence pact.

To avoid privacy issues attached to this agreement, users are advised to opt for a paid VPN with an audited no-logging policy, based in a country that does not fall under the Fourteen Eyes alliance.

For example, popular services such as Express VPN and Nord VPN are headquartered in the British Virgin Islands and Panama respectively, and so avoid any association with the problematic and privacy-compromising alliance.

TL

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT

Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.